﻿using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace YDT_Distributed_Authentication.DistributedAuthentications
{
    /// <summary>
    /// 分布式权限 服务 封装
    /// </summary>
    public static class OpenIddictServerDistributedAuthenticationWebApplicationBuilderExtenions
    {
        public static WebApplicationBuilder AddDistributedAuthenticationServer<_TContext>(this WebApplicationBuilder builder)
                        where _TContext :DbContext
        {
           var Configuration = builder.Configuration;

            // 1、注册Identity模块上下文
            // 添加数据库上下文
            builder.Services.AddDbContext<_TContext>(options =>
            {
                //2.1、集成MySQL
                options.UseMySql(builder.Configuration.GetConnectionString("Default"),
                    new MySqlServerVersion("5.7.29"));

                // 2.2、关联OpenIddict【openiddict模型】
                options.UseOpenIddict();
            });

            // 3、集成OpenIddict
            builder.Services.AddOpenIddict()
                        // 1、使用efcore操作MySQL配置【efcore】
                        .AddCore(options =>
                        {
                            options.UseEntityFrameworkCore()
                                   .UseDbContext<_TContext>();
                        })
                        // 2、生成token
                        .AddServer(options =>
                        {
                            options.SetTokenEndpointUris(Configuration["DistributedAuthentication:OpenIddictServer:TokenEndpointUri"]); // 客户端连接地址
                            options.AllowPasswordFlow() // 允许用户名和密码生成Token
                                   .AllowClientCredentialsFlow(); // 允许客户端生成Token
                            options.AcceptAnonymousClients(); // 接收所有的客户端
                            options.SetAccessTokenLifetime(TimeSpan.FromHours(1)); // Token有效期
                            options.SetRefreshTokenLifetime(TimeSpan.FromDays(7)); // Token刷新时间
                            options.AddEphemeralEncryptionKey() // 使用https来生成token
                                   .AddEphemeralSigningKey();
                            options.DisableAccessTokenEncryption(); // 禁止Token加密

                            /*// 注册所有必要的 Scope[重要]
                            options.RegisterScopes(
                                "manger2",
                                "manger3"
                            );*/
                            // Token在跨平台下使用
                            options.UseAspNetCore()
                                   .EnableTokenEndpointPassthrough();
                        })
                        // 3、验证token
                        .AddValidation(options =>
                        {
                            options.UseLocalServer();
                            options.UseAspNetCore();
                        });

            return builder;
        }
    }
}
